Cs/NET


Version 3.08.00

Release Date

November 21, 2023

Changelog

Added new TLS port for WolfSSL. Users should modify the user_settings.h file included with our examples to add or remove WolfSSL features at compile time. (343)
Fixed the bugs described in vulnerability reports TALOS-1828, TALOS-1829, and TALOS-1843 affecting HTTPs. (345)
Created new API functions: NetSock_GetState(), NetSock_DeferSecureConnect(), NetSock_CfgSecureClientAlpnList(), and NetSecure_CopySessionData(). (340) (344) (339) (338)
Added support for deferred TLS handshakes to Cs/Net Core via NetSock_DeferSecureConnect(). (338)
Added support for mutual authentication to the HTTPc and FTPc modules. (327) (336)
Added support for configuring the ALPN TLS extension in the Cs/Net Core as well as the HTTPc and FTPc modules. (327) (336) (339)
Added support for explicit FTPS using the 'AUTH TLS' command. (333)
Improved how NetApp_ClientStreamOpenByHostname() resolves IPv4 or IPv6 addresses using DNS. (337)
Fixed secure session leak caused by NetSock_CfgSecure(). (341)
Fixed bug in NetSock_SelAbort(). (348)
Added nullity check within DNScCache_HostSrchByName(). (326)
Fixed bug in NetApp_ClientStreamOpen() caused by using the wrong data type to declare a variable.
Modified how HTTPcConn_TransProcess() handles HTTPc_ERR_CONN_SOCK_TX on a non-blocking configuration.
Added new error codes FTPc_ERR_DTP_SOCK_CFG, NET_SECURE_ERR_INIT_TLS_STACK, NET_SECURE_ERR_INSUFFICIENT_RESOURCES, and NET_SECURE_ERR_INVALID_SOCK. (334) (342)
Plugged HTTP client internal semaphore leak. The problem occurred when internet connectivity to the server was temporarily disrupted. (328)
Fixed corruption of the HTTPc connection object within HTTPcSock_ConnDataTx(). (329)
Modified how HTTPc handles a socket in a fault state while receiving data. (330)
Fixed bug in the Cs/Net Core that allowed the stack to check the protocol family of a socket in a fault state or closed state. (330)
HTTPc functions that signal network events are now properly guarded with a preprocessor check for HTTPc_SIGNAL_TASK_MODULE_EN. (331)
Fixed bug in HTTPc when asynchronous mode is disabled. It caused HTTPc_ConnOpen() and HTTPc_ReqSend() to both incorrectly return an HTTPc_ERR_FEATURE_DIS error. (346)
Corrected duplicate definition of the FTPc PASV command. (332)
Improved how the FTP client opens FTP_DATA connections by adding an internal function that offloads some of the responsibilities from FTPc_Conn(). (334)
Fixed bug in FTPc caused by using the wrong data type to declare a variable in FTPc_Conn() and FTPc_Open(). (334)
Added inactivity timeout for DTP connections (60 seconds by default). (335)
Corrected compiler warning that shows up when loopback interface is enabled without IPv6.
Added missing value for the CtrlRxMaxReplyLength element of the FTPc_CFG structure in the ftp-c_cfg.c template file.
Fixed bug in FTPc_Close() and FTPc_Tx() caused by these functions not validating the socket.
Removed 2lemetry example from the HTTPc Add-on directory.

 


Version 3.07.02

Release Date

June 23, 2023

Changelog

Fixed major bug in DNSc that caused the client to pend forever on resolutions instead of pending for the configurable timeout of DNSc_DFLT_REQ_RETRY_TIMEOUT_MS.
Improved overall reliability of the DNS client. Made changes to net_app.c and DNSc files to handle successive DNS resolution requests for different DNS record types using the NetApp_ClientStreamOpenByHostname() and the NetApp_ClientDatagramOpenByHostname() APIs. Improved DNSc to better handle SOA responses to our A or AAAA record requests. Fixed a bug that caused the DNSc_FLAG_IPv4_ONLY and DNSc_FLAG_IPv6_ONLY flags to be set simultaneously and passed to DNSc_GetHost().
Made corrections and improvements to the New Reno algorithm implementation. Fixed underflow bug that occurred when the New Reno congestion control algorithm deflates the TCP congestion window. Added correction to RFC 6582 mentioned in its 03-07-2022 errata (see rfc-editor.org/errata/rfc6582). Fixed bug in NewReno that did not reset the DUP ACK counter, keeping us under fast recovery even after congestion subsided. New Reno algorithm can now be enabled or disabled in net_cfg.h via NET_CFG_NEW_RENO_EN.
Added return statement to uncaught 'p_err' variable in NetTCP_TxConnWinSizeHandlerCongCtrl().
Added changes brought about by cases TALOS-2023-1732, TALOS-2023-1733, and TALOS-2023-1738 after having confirmed that they can cause out-of-bounds array writes that may lead to DoS attacks if a specially crafted HTTP header is received under the conditions outlined in these reports.
Added TALOS-2023-1746 fix to HTTP server. It addresses an out-of-bounds array overwrite when processing the HTTP 'Host' header field.
Fixed TALOS-2023-1725 and TALOS-2023-1726 HTTP server bugs reported by Cisco. The HTTP connection object's ‘.RxBufLenRem’ element is now properly updated after receiving non-printable ASCII characters, thereby preventing an array-out-of-bounds access due to the unsigned integer underflow triggered by this vulnerability.
Increased the number of neighbor notification ICMPv6 messages sent when IPv6 SLAAC is configuring itself in an effort to give IPv6 capable routers more time to provide Cs/NET with a global or ULA IPv6 address.
Fixed bug in NetSock_Close() that called the incorrect label on a couple of socket states.
Handled the NET_SECURE_ERR_NULL_PTR error returned by the TLS ports as an EFAULT errno. Redefined NET_SECURE_ERR_NULL_PTR error as it shared its value with NET_ERR_FAULT_NULL_PTR for legacy reasons.
Fixed ENOBUFS errno bug on the recv() and recvfrom() BSD API functions. If a task fails to consume data from the socket’s receive queue and buffers are consumed, these functions would return to the caller immediately, causing Cs/Net to not free those buffers after subsequent calls to either one of these two API functions.
Corrected NetBSD_BufsAvailOnConnIF() return value.
The close() API now returns errno EIO instead of EBUSY whenever the network lock cannot be acquired, preventing the close() API from carrying on its duties.
Fixed compilation bug within HTTP server that occurred when the IPv4 feature is disabled in net_cfg.h.

 


Version 3.07.01

Release Date

February 28, 2023

Changelog

Fixed CVE-2022-46377 (TALOS-2022-1681) vulnerability that occurs when the FTP server parses the PORT command searching for an IP address. An out-of-bounds read could lead to a denial of service attack if a specially-crafted string is sent.
Fixed CVE-2022-46378 (TALOS-2022-1681) vulnerability that occurs when the FTP server parses the PORT command searching for a port number. An out-of-bounds read could lead to a denial of service attack if a specially-crafted string is sent.
Fixed CVE-2022-41985 (TALOS-2022-1680) vulnerability. It occurs when the server receives an invalid sequence of commands following 'USER' during the login process. The server sets the session's Control State to FTPs_STATE_LOGIN anyway, bypassing the user authentication. This leads to a denial of service because any subsequent commands that rely on the session's 'BasePath' and 'RelPath' can load garbage values, since the callback function responsible for initializing these variables never executed due to the bypassed authentication.
Fixed bug within FTPs_Init() that could cause an invalid socket ID to be passed to the FTPs Server Task.
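
Added example for the two PORT command fixes above (CVE-2022-46377 and CVE-2022-46378); it is not Cs/NET source code. It shows a length-bounded parser for the RFC 959 PORT argument "h1,h2,h3,h4,p1,p2" that rejects truncated or malformed input instead of reading past the received data. The function name port_arg_parse() and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a Cs/NET function: parse the RFC 959 PORT
 * argument "h1,h2,h3,h4,p1,p2" from a buffer of known length. It never
 * reads past arg[len - 1] and does not rely on a NUL terminator.
 * Returns 0 on success, -1 on malformed or truncated input. */
int port_arg_parse(const char *arg, size_t len, uint8_t ip[4], uint16_t *port)
{
    uint8_t field[6];
    size_t  i = 0;

    if (arg == NULL || ip == NULL || port == NULL) return -1;
    for (int f = 0; f < 6; f++) {
        unsigned val = 0;
        size_t   digits = 0;

        /* The length check precedes every read of arg[i]. */
        while (i < len && arg[i] >= '0' && arg[i] <= '9') {
            val = val * 10u + (unsigned)(arg[i] - '0');
            if (++digits > 3 || val > 255u) return -1;  /* each field is one octet */
            i++;
        }
        if (digits == 0) return -1;                     /* empty or missing field */
        field[f] = (uint8_t)val;

        if (f < 5) {                                    /* separator must be present */
            if (i >= len || arg[i] != ',') return -1;
            i++;
        }
    }
    while (i < len && (arg[i] == '\r' || arg[i] == '\n')) i++;
    if (i != len) return -1;                            /* reject trailing garbage */

    memcpy(ip, field, 4);
    *port = (uint16_t)((field[4] << 8) | field[5]);
    return 0;
}

int main(void)
{
    const char sample[] = "192,168,1,10,4,1\r\n";       /* constructed input */
    uint8_t ip[4]; uint16_t port;
    int rc = port_arg_parse(sample, sizeof sample - 1, ip, &port);
    printf("rc=%d port=%u\n", rc, rc == 0 ? (unsigned)port : 0u);
    return rc;
}
```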

 


Version 3.07.00

Release Date

December 23, 2022

Changelog

Added optional POSIX-like ERRNO support for the network BSD API functions.
Added support for the Microchip KSZ8081RNB Ethernet PHY chip.
Implemented the SO_BROADCAST socket option to allow broadcast communication on IPv4 datagram sockets via setsockopt()/NetSock_OptSet().
New error codes were added: NET_ERR_ERRNO_ALLOC, NET_SOCK_ERR_PERMISSION_DENIED, NET_SOCK_ERR_INSUFFICIENT_RESOURCES and NET_SOCK_ERR_UNKNOWN_PROTOCOL.
NetSock_OptGet() now handles the SO_TYPE option for datagram sockets.
Added new API functions NetSock_ID_Validate() and NetSock_TypeGet().
TCP sockets can now detect if the closed connection was reset by the peer via a [RST] flag.
Fixed bug in NetIPv6_GetAddrSrcHandler() where the IPv6 address of the next hop was not being properly populated and returned to the caller.
Fixed bug in NetSock_ConnHandlerAddrRemoteValidate() which caused the stack to fail to detect if a remote IPv6 address is already in use.
Fixed array access bug in the getpeername() and getsockname() BSD functions.
Fixed bug in DNScCache_HostNameCmp() where an array was being initialized to an incorrect size.
Fixed bug in NetBuf_PoolsGet() that allowed for an invalid interface number to be passed to the function.
Changed our definition of HTTPs_TaskCfgInstance() in the http-s_instance_cfg.c template file to HTTP_TASK CFG instead of NET_TASK_CFG.
The following functions are now included only if Cs/Net is built with NET_TCP_CFG_EN defined as DEF_ENABLED: listen(), accept(), and shutdown().
Redefined setsockopt()'s signature so that its 'opt_val' argument is declared with the 'const' qualifier.
Fixed magic number in definition of in6_addr structure.
NetSock_TxDataTo() and NetSock_Tx() now return NET_SOCK_ERR_INSUFFICIENT_RESOURCES instead of NET_ERR_TX when no transmit buffers are available to send the data.

 


Version 3.06.07

Release Date

September 19, 2022

Changelog

(235) Fixed a "CWE-122 - Heap-based Buffer Overflow" vulnerability in HTTPs that caused the server to write outside the bounds of a connection's .FormBoundaryPtr buffer while HTTPsReq_HdrParse() parsed the HTTP request header.

 


Version 3.06.06

Release Date

June 24, 2022

Changelog

(108) Revamped the algorithm in NetIPv4_GetAddrSrcHandler() that selects a source address for a provided destination address, exhausting all available interfaces.
(108) Fixed issue in NetSock_TxDataHandlerDatagram() that forced traffic through the default interface if the wildcard interface was configured in the socket; this is not suitable for applications with multiple interfaces, especially when the reserved loopback interface is used.
(108) Added validation exception to loopback address range communication in NetIPv4_GetAddrSrcHandler().
(108) Added code to invalidate loopback-to-remote-host communication corner case in NetIPv4_GetAddrSrcHandler().
(121) Added support for GZIP compression.
(149) Assigned more appropriate, descriptive error to masked LIB_MEM_XXX errors in Altera TSE driver.
(150) Fixed error in Altera TSE driver that would prevent the TX interrupt from clearing when calling NetDev_Stop().
(211) Fixed uninitialized variable issue within NetMLDP_HostGrpLeave().

 


Version 3.06.05

Release Date

October 22, 2021

Changelog

(168) Fixed issue in NetICMP_TxEchoReq() returning the wrong error code.
(151) Fixed issue with Marvell 88E1111 PHY driver where it did not adjust RMII timing.
(148) Fixed issue where Altera TSE driver (Nios-II) transmitted data unreliably when a network interface was restarted.
(147, 144) Fixed issue in the following drivers where the descriptor memory was not freed when the network interface was stopped then started: Altera TSE, A2FX00, FEC, FEC-MPC55xx, H8s2472, and SH-EtherC.
(183) Changed the error value returned by NetSock_GetConnTransportID() when UDP sockets are passed to this function.

 


Version 3.06.04

Release Date

June 16, 2021

Changelog

Cleaned lingering references to IPERF_VERSION in iperf.c.
Fixed include for ftp-c_type.h in ftp-c_cfg.h.
Fixed includes for shell.h in net_cmd, sntp-c_cmd, and smtp-c_cmd.
Fixed the call to DNSc_GetHost() in dns-c_cmd.c.
Fixed the include for net_if_ether.h in net_dev_gem64.c
Fixed the include for telnet-s.h in the TELNETs OS2 port.

 


Version 3.06.03

Release Date

March 19, 2021

Changelog

Implemented TCP NewReno algorithm as described in RFC #6582.
Implemented IPv6 loopback interface.
Fixed possible DoS attack in HTTPs due to incrementing an unchecked pointer (NIST Vulnerability Number: CVE-2020-13582).
Fixed DoS attack that was possible if the multipart forms feature is enabled but a HTTPs connection's FormCfgPtr is NULL. (NIST Vulnerability Number: CVE-2020-13583)
Improved the random generation of TCP initial sequence numbers as described in RFC #6528. The NET_DBG_CFG_TEST_TCP configuration #define was renamed to NET_TCP_CFG_RANDOM_ISN_GEN in net_cfg.h to reflect this.
Added NET_ICMP_CFG_DEST_UNREACH_MSG_EN option in net_cfg.h to disable ICMP "Destination Unreachable" replies.
Added support for the LPC408x line to the lpcxxxx ethernet driver description header.
Fixed out-of-bounds array access issue in NetBuf_Discard() by making the conditional call to NetIF_IsValidHandler() in NetBuf_FreeHandler() mandatory.
Fixed bug in NetIPv4_GetAddrSrcHandler() that didn't account for 'addr_remote' variable being in network order.
SMTPc_CFG_USERNAME_MAX_LEN is misspelled as SMTMc_CFG_USERNAME_MAX_LEN in smtp-c.h
DHCPc was missing calls to CPU_SW_EXCEPTION() for null error pointers that were passed into public APIs.
FTPs source code was modified to better reflect our coding standards.
Fixed issue on the GMAC driver; an incorrect shift operand was used.

 


Version 3.06.02

Release Date

September 29, 2020

Changelog

Fixed buffer leak when in the FIN_WAIT_2 state and both NET_ERR_CFG_ARG_CHK_DBG_EN and NET_DBG_CFG_MEM_CLR_EN are disabled
Fixed issue where ARP module failed to invalidate cache entry in the RENEW state if the host becomes unreachable
Fixed issue where HTTPs mishandled the HTTPs_CONN_STATE_ERR_INTERNAL state by not processing it
Fixed issue where HTTPsConn_ErrInternal() set the incorrect status code if the request wasn't successfully parsed
Fixed issue that caused HTTP server to set a connection in the incorrect state if the socket receive queue is empty when using HTTP server in conjunction with emSSL
Fixed build error in FTP server when IPv4 was disabled
Fixed issue where NetSock_Accept() was calling the wrong label when validating the initial address length
Enhanced the emSSL port

 


Version 3.06.01

Release Date

June 9, 2020

Changelog

Converted Cs/NET OS folders

Version 3.06.00

Release Date

March 30, 2020

Changelog

Initial release forked from uC/TCP-IP V3.06.00

 
